If you could take a minute to fill in some of your profile information that would be helpful to all members of the forum
Knowing someone's location in the world can be extremely helpful, even if you just put a country.

Also remember to post any problems or questions that you have in the appropriate forums

With regards to your problem, you are running an outdated version of Hijack This, please see this thread and use the link in it to download the latest version and rename the file, then post a new log.

From the current log it looks as though you have Norton AND McAffee installed, but i would still like to see a log from the latest version of HJT.

About the time my computer started to act like this, I connected an external hard drive that my wife and I have our wedding pictures on. This was the first time I plugged it into my computer. After my computer started to slow down, I expected it was because of the external hard drive so I ran a virus scan on that, which showed no viruses.

My wife's computer has been very slow as well, but she recently deleted all of the pictures from her hard drive and now they are only on the external hard drive, and her computer sped up. (although whenever you try to open up a program, Microsoft Money tries to open up)

So this weekend she hooked up the external hard drive to her computer at school, and their software said there was a virus and she immediately unplugged the external hard drive.

So something is obviously not quite right with our external hard drive.

I fixed everything you recommended so far. The two below say they get fixed, but reappear when I re-run the scan.

O4 - HKLM\..\Run: [Internt] C:\WINDOWS\system32\internt.exe

O4 - HKLM\..\Run: [Program file] C:\WINDOWS\system32\progmon.exe.

I'm not sure what the next step is. I do use my computer for business so I don't know if I should reformat or clean, or how to do those.

If you want to try and clean your system of malware then let me know. The reason that those entries pop back up again each time you scan is because a trojan has put them there and fixing the entries with HJT is not removing it, just temporarily stopping those startup entries until you reboot.

This thread is for the use of Go Zags only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

1. Download and extract the Autoruns program by Sysinternals to C:\Autoruns

2. Reboot into Safe Mode so that the malware is not started when you are doing these steps. Many malware monitor the keys that allow them to start and if they notice they have been removed, will automatically replace that startup key. For this reason booting into safe mode allows us to get past that defense in most cases.

3. Navigate to the C:\Autoruns folder you created in Step 1 and double-click on autoruns.exe.

4. When the program starts, click on the Options menu and enable the following options by clicking on them. This will place a checkmark next to each of these options.

1. Include empty locations

2. Verify Code Signatures

3. Hide Signed Microsoft Entries

5. Then press the F5 key on your keyboard to refresh the startups list using these new settings.

6. The program shows information about your startup entries in 8 different tabs. For the most part, the filename you are looking for will be found under the Logon or the Services tabs, but you should check all the other tabs to make sure they are not loading elsewhere as well. Click on each tab and look through the list for the filename that you want to remove. The filename will be found under the Image Path column. There may be more than one entry associated with the same file as it is common for malware to create multiple startup entries.

7. Once you find the entry that is associated with the malware, you want to delete that entry so it will not start again on the next reboot. To do that right click on the entry and select delete. This startup entry will now be removed from the Registry.

8. Now that we made it so it will not start on boot up, you should delete the file using My Computer or Windows Explorer. If you can not see the file, it may be hidden. To allow you to see hidden files you can follow the steps for your operating system found in this tutorial:

1: I didn't find \system.exe or \btorrent.exe after I ran the autorun.exe in SafeMode.
2: The AutoRun had way more than 8 different tabs. Did I download the correct one?
3: I couldn't find \system.exe or \btorrent.exe using My Computer so that I could delete them, even though I had the hidden files showing.

Now, you should be looking under the Logon tab for internt.exe and progmon.exe. If you can find them (if you can't at first, try pressing Ctrl + F and typing the names in) uncheck them and delete the entries. Then go to C:\WINDOWS\system32\ and delete the files internt.exe and progmon.exe.

After you've done this, post another HJT log just to check that you're clean

I have ran Auto Run in Safe Mode several times now. I find progmon.exe and internt.exe every time and delete it. I also fix it in HJT. I also delete those files by searching for them in \system32 folder. Right after that I emptied my recycle bin so they wouldn't stay in that.

I did this a few times, and now when I run HJT and AutoRun in normal mode, they appear again.

-
If you do not have CCleaner please install it. Download CCleaner
* Once CCleaner is open use the default options.
* Click Analyze and it will show a log of what will be removed.
* Next click Run Cleaner to remove everything.

Install it and double-click the icon on your desktop to run it.
* It will ask if you want to Update the program definitions, click Yes.
* Under Configuration and Preferences, click the Preferences button.
* Click the Scanning Control tab.
* Under Scanner Options make sure the following are checked:
+ Close browsers before scanning
+ Scan for tracking cookies
+ Terminate memory threats before quarantining.
+ Please leave the others unchecked.
+ Click the Close button to leave the control center screen.
* On the main screen, under Scan for Harmful Software click Scan your computer.
* On the left check C:\Fixed Drive.
* On the right, under Complete Scan, choose Perform Complete Scan.
* Click Next to start the scan. Please be patient while it scans your computer.
* After the scan is complete a summary box will appear. Click OK.
* Make sure everything in the white box has a check next to it, then click Next.
* It will quarantine what it found and if it asks if you want to reboot, click Yes.
* To retrieve the removal information please do the following:
+ After reboot, double-click the SUPERAntiSpyware icon on your desktop.
+ Click Preferences. Click the Statistics/Logs tab.
+ Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
+ It will open in your default text editor (such as Notepad/Wordpad).
+ Save the notepad file to your desktop by clicking (in notepad) "File" "Save As"
* Save the log somewhere you can easily find it. (normally the desktop)
* Click close and close again to exit the program.
* Please add the log as an attachment along with a new HijackThis log in the next post.

* Download fsbl.exe and save it to the Desktop.
* Once saved... double click fsbl.exe to install the program.
* Click accept agreement and click Scan
* This application may trigger a warning from your antivirus. Let the driver load. Wait for it to finish.
* If it displays any items...don't do anything with them yet. Just hit exit (close)
* It will drop a log on Desktop that starts with fsbl....big number